System and Memory Requirements for Secret Server

Software Requirements

  1. One of the following Microsoft operating systems:
    • Windows Server 2008 (including R2)
      • Small Business Server (SBS) is not supported.
      • The "Core" (GUI-less) role is not supported. Support is provided in Server 2012.
    • Windows Server 2012 (including R2)
      • The Essentials edition is not supported due to requiring the Domain Controller role
      • The "Core" (GUI-less) role is supported.
    • Windows Vista (Ultimate or Business)
    • Windows 7
    • Windows 8 (including 8.1)
  2. Microsoft SQL Server 2005, 2008 (including R2), or 2012. Express Edition or higher.
  3. Microsoft Internet Information Services (IIS) (internal part of the operating system)
  4. Microsoft .NET Framework 4.5.1. Both 32-bit and 64-bit editions are supported (note that some features of Secret Server require 64-bit to operate).

Note Do not plan to install Secret Server on a domain controller. Microsoft ASP.NET will not operate reliably when installed on a domain controller.

Hardware Requirements


Small Installation (<1K Secrets, 1-10 Users):
  • Dual-Core 1.6Ghz or higher
  • 2 gig ram
  • 500MB of disk space + 10 MB of disk space per user per year.

Medium Installation (1K-10K Secrets; 10-100 Users):

  • Dual-Core 2Ghz or higher
  • 2 gig ram
  • 1 GB of disk space + 10 MB of disk space per user per year.

Large Installation (10K+ Secrets, 100+ Users):

  • Quad-Core 2.0Ghz or higher
  • 4 gig ram
  • 2 GB of disk space + 10 MB of disk space per user per year.
Instructions on setting up Database Mirroring and Disaster Recovery - recommended for medium and large installations.


Other Considerations
  • Secret Server will operate in a virtualized environment (VMWare or Hyper-V).  
  • Do NOT install Secret Server on a domain controller (Microsoft ASP.NET does not operate reliably when installed on a domain controller).
  • Do NOT install Secret Server on a server running SharePoint.
  • You can run Secret Server on the same machine as other applications (Secret Server will require sufficient RAM and CPU to operate normally), however, see the next point:
  • For maximum security, you should install the application on dedicated systems or at least systems with applications with the same level of security/sensitivity.  Access to these systems should then be restricted.  While all sensitive data in Secret Server is either securely hashed or encrypted, it is a security best practice to limit any opportunities for foul play.
  • If you intend to use Session Recording, additional disk space will be needed for the database to store the recorded videos.  See http://support.thycotic.com/KB/a162/configuring-session-recording.aspx for more information.

Performance

The following example is based off of a test instance with 120,000 Secrets:
    • The database was 1.6 GB.
    • The machine was a Windows 7 instance with an Intel i7 2.67 GHz processor and 6GB of RAM.
  1. Searching performance is primarily driven by the number of Secrets a user has access to, so in the above example a user searching all folders with View access to all Secrets could see search times of 4-6 seconds. Meanwhile, a user with access to 6,000 Secrets in the same instance will see search queries return in 1-2 seconds. Search times can vary based on data; the fastest search will be for a distinct value in a smaller set of Secrets, the longer searches will be for a generic value in a larger set of Secrets. For example, the search for a Secret named "PRODSRV03\LocalAdmin" will return much faster if the search value is "PRODSRV03" and done in a specific folder than if the search is "Admin" and done at the root level.
  2. To increase performance, consider putting the database and web application on a separate servers, which will reduce resource contention. Another option is to set up front-end clustering behind a load balancer using the Enterprise Plus edition, which will help scale out the work done on the web server.

Article ID: 51, Created On: 9/11/2009, Modified: 3/21/2014

Feedback (0)